Mere months after driving drunk and killing her best friend (and injuring her best friend’s 6-year-old and 6-month-old children), a Santa Barbara woman posted images of herself holding a drink on MySpace. She also posted comments reminiscing about drinking with friends. The judge was not amused; the woman, who most likely would have gotten probation as it was her first DUI offense, was sentenced to two years in jail. In the judge’s eyes, she had proven her lack of remorse through her online postings. (See “Internet Plays Key Role in Vehicular Manslaughter Sentence.”)

Fraud examiners should work hard to discover evidence in information posted on Facebook, Twitter and other social networking sites (SNS). A person’s online profile might be a gold mine for red flags of fraud, such as pictures of a new house that a subject could not afford or postings detailing a luxurious vacation during a supposed sick leave.

Also, SNSs are full of subjects’ information that can be used in legal proceedings — either as direct evidence or as a means to contradict testimonies.

Conventional wisdom says that SNS members retain privacy in the information they post online by customizing their user settings, carefully considering the third-party applications they use on the sites and refraining from indiscriminately accepting people into their networks. Otherwise, the information is essentially public knowledge and lacks any cognizable privacy interest.

But do these maneuvers wholly protect information from investigators?

Cynthia Hetherington is the founder and president of Hetherington Group, a consulting and training firm focusing on intelligence, security and investigation. According to Hetherington, nothing is completely private on SNSs. “The whole business of SNSs is to catalog and sell your information to marketing endeavors,” she said. “Fraud investigators are making good, legal use of these searches.”

Furthermore, recent legal proceedings reveal that privacy barriers in SNSs offer a false sense of security in certain situations. If it comes down to litigation, investigators still have useful online evidence sources.

PRIVACY PROTECTION

A company that operates an SNS typically holds all communications on its servers or on leased storage space rather than on members’ devices. The U.S. Stored Communications Act, which protects electronic communications held by Internet service providers (ISPs), prohibits ISPs from disclosing users’ communications to any private party with a few exceptions. Basically, civil litigants and criminal defendants may not obtain user information directly from ISPs without users’ consent, but state and federal entities may do so with warrants or subpoenas. However, this act does not stop courts from ordering the parties themselves to produce such communications.

A user might enable privacy settings on a social media account, but that does not automatically protect that information from discovery in a legal proceeding. A court resolves an objection to a discovery request by balancing the burden and possible oppression of producing the information — including the potential invasion of privacy — with the material needed for such information.

Of course, investigators can access information from an account if the user has not turned on the privacy features. SNS snooping by law enforcement and other government investigators is an emerging, controversial issue, and we can expect to see landmark decisions on this issue in the future. A search is only regulated by the Fourth Amendment if the person being searched has a reasonable expectation of privacy to the searched area. Interestingly, in Quon v. City of Ontario, the U.S. Supreme Court declined to decide whether public employees have a reasonable expectation of privacy to electronic communications made with employer-issued devices. The court explained, “Prudence counsels caution before the facts in this case are used to establish far-reaching premises that define the existence, and extent, of privacy expectations of employees using employer-provided communication devices.” In Romano v. Steelcase, Inc., discussed below, the court found that a party had no reasonable expectation of privacy to their SNS postings. While Romano was outside the scope of the Fourth Amendment, the lack of an expectation of privacy reflects the growing trend to view SNS information as non-private.

Law enforcement agencies are beginning to take advantage of that position. For example, the U.S. Citizenship and Immigration Services instructed its officers in a memo to use social networking sites to obtain evidence that suspects entered into sham marriages to gain citizenship. If subjects turned on privacy settings, then investigators would largely rely on gaining acceptance into the subjects’ social networks (e.g., adding them as a friend on Facebook) to obtain evidence from these sites.

“The smart fraudster keeps his crimes to himself, and doesn’t report his actions on Facebook, or anywhere else for that matter,” said Hetherington. However, she noted that “narcissism, coupled with ignorance of how to protect the SNS [data], drives individuals to share, post, update and basically inform anyone and everyone of their actions.”

Indeed, the U.S. Citizenship and Immigration Services memo suggests that officers play off subjects’ “narcissistic tendencies” to make friends with as many people as possible, regardless of whether they actually know them — a mistake many fraudsters will not make.

Regardless, the courts can order parties to produce SNS evidence when investigators cannot obtain information from social network sites because of activated privacy settings.

USING SNS INFORMATION AS EVIDENCE

More litigants are using SNSs to collect key evidence. The Equal Employment Opportunity Commission (EEOC) recently sued Simply Storage Management for sexual harassment on behalf of two employees. During discovery, the company sought the Facebook and MySpace pictures, posts and profile information of the employees who claimed to be harassed. The EEOC objected to the request as being overbroad and an invasion of privacy.

The court conformed with a recent trend of judicial decisions when it ordered production of the women’s profiles, status updates, postings, photos and videos relating to “any emotion, feeling, or mental state.” The EEOC, when it alleged depression, post-traumatic stress and anxiety as a result of harassment, it effectively opened the door to discovery of the women’s personal lives and mental health. Therefore, the court determined their profile information was largely relevant.

The same theory would apply to a multitude of fraud-related cases, particularly in the areas of employment, insurance and healthcare fraud, in which a person’s well-being and behavior are often at issue.

Doubtlessly, many litigants with less-than-favorable evidence stored on their various SNS pages will clear the sites of any information that might be harmful to their cases once legal action begins. Such tactics, however, not only violate federal and state evidence rules against spoliation (i.e., the act of destroying evidence or making it otherwise unavailable), but they are also often ineffective. In September 2010, a New York state court held in Romano v. Steelcase, Inc. that a personal injury plaintiff who claimed loss of enjoyment of life had to give the defendant access to her current and historical Facebook and MySpace profiles and pictures, including deleted portions. Even if an SNS member deactivates her account, major SNSs retain user data. The court ordered the plaintiff to give her consent to the defendant to obtain the SNS information.

If deleted SNS information cannot be recovered for some reason, the court might impose sanctions for spoliation of evidence. For instance, the court can instruct the jury that it may infer that the unproduced evidence would have been damaging to the offending party.

A DOUBLE-EDGED SWORD

Such information might also be used to help defendants, though this use is not as common as using SNS information for investigatory purposes. There are not many occasions for defendants to put SNS content into evidence because any content the defense would choose to use would be self-serving and redundant to a defendant’s testimony. However, SNSs contain more information than just media and user-created content.

In one investigation, 19-year-old Rodney Bradford of New York was arrested as a robbery suspect. His defense: How could he have committed the crime when his Facebook page revealed that, at the time of the offense, he was posting a status update (about a “craving for pancakes”)? The officers decided that the time of the post was sufficient to support his alibi. Bradford was released for lack of evidence.

Sites like Facebook will keep track of when such content was uploaded and the location from which it was uploaded. Potentially, this information could support or undermine a fraud theory, so fraud examiners should observe available time stamps and IP addresses. Technically, posts and other uploads might be performed remotely (e.g., a user sends a command from his smart phone to his home computer to upload content). Even so, IP addresses are traceable in most situations, though a warrant/court order usually will be necessary to identify a specific device.

Additionally, fraudsters are not the only ones who use online networking. While SNS information can supplement evidence in fraud litigation, fraud examiners should remind companies to create historical archives of their own SNS information once the duty to preserve evidence applies.

USE DISCOVERY OF SNS AS AN OPTION

A good investigator learns techniques for obtaining sufficient evidence to prove a fraud case. As more SNS accounts are created worldwide, the value of the information these sites contain increases proportionately. Sometimes fraud suspects will voluntarily, and perhaps naïvely, leave their lives open to view online. Otherwise, investigators should add SNS information to the cost-benefit analysis of pursuing litigation in a particular case.

Jacob Parks, J.D., is a research specialist at the ACFE.

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.fraud-magazine.com or www.ACFE.com. ACFE follows a policy of exclusive publication. Permission of the publisher is required before an article can be copied or reproduced. Requests for reprinting an article in any form must be e-mailed to: FraudMagazine@ACFE.com.